Request Technology - Craig Johnson
Cyber Security Risk and Vulnerabilities Architect
Request Technology - Craig Johnson, San Francisco, California, United States, 94199
Overview
We are unable to sponsor for this 6+ month straight contract role, no 3rd party candidates will be considered. Prestigious Enterprise Company is currently seeking a Cyber Security Architect with strong Threat, Vulnerabilities, and Risk Compliance Architecture and Engineering experience. Candidate will be responsible for the planning, development and implementation of enterprise information security solutions to address the current and emerging security needs of the business. This role requires the solution of complex enterprise–scale information security problems. The role will design and develop new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors.
Responsibilities
Contributes to a team that ensures the security of enterprise data and systems by developing enterprise information security solutions.
Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats.
Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors.
Serves as a security expert in one or more of application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security architecture.
Engages with security specialists and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements.
Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
Serves as an expert in one or more of platform, application, storage, network, virtualization, cloud and mobile security best practices.
Cloud Security
Shared Responsibility model
Secure services in the cloud
Infrastructure security in the cloud
Secure boundaries
Authentication & Authorization
security services in the Cloud
Cloud Native VS Third party security capabilities
Container Security
Container security life cycle
Image scanning
Qualifications
Strong knowledge of network security protocols, best practices, and perimeter security tools
Strong knowledge of identity and access management controls, including SAML and OAUTH/OIDC based authentication, Active Directory, and role mapping
Understanding of common security control solutions for event logging, remote access, endpoint management, and mobile device management
Understanding of common data protection technologies such as cryptography, tokenization, and hashing
Understanding of Azure native security services and best practices
Strong knowledge of threat modelling and risk assessment technologies or frameworks
The candidate shall have the experience on developing secure view of architecture and secure design documents for different applications
ability to lead the exercise of collecting the required data to produce the deliverables
Ability to articulate the requirements in technical and non technical language
Ability to defend secure design and support it with real life scenarios
Ability to articulate the risk and findings in business language
Explain vulnerabilities and threats
Threat modelling
Recent attacks
Application Security Focus Areas
Secure Code Development
Secure SDLC
Secure Agile development
Testing Security requirements
Writing security stories
Web Application Security
Owasp 10
SAST and DAST Scan
API Security
CI/CD pipeline
Integrate security tools
Security testing
#J-18808-Ljbffr
Responsibilities
Contributes to a team that ensures the security of enterprise data and systems by developing enterprise information security solutions.
Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats.
Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors.
Serves as a security expert in one or more of application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security architecture.
Engages with security specialists and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements.
Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
Serves as an expert in one or more of platform, application, storage, network, virtualization, cloud and mobile security best practices.
Cloud Security
Shared Responsibility model
Secure services in the cloud
Infrastructure security in the cloud
Secure boundaries
Authentication & Authorization
security services in the Cloud
Cloud Native VS Third party security capabilities
Container Security
Container security life cycle
Image scanning
Qualifications
Strong knowledge of network security protocols, best practices, and perimeter security tools
Strong knowledge of identity and access management controls, including SAML and OAUTH/OIDC based authentication, Active Directory, and role mapping
Understanding of common security control solutions for event logging, remote access, endpoint management, and mobile device management
Understanding of common data protection technologies such as cryptography, tokenization, and hashing
Understanding of Azure native security services and best practices
Strong knowledge of threat modelling and risk assessment technologies or frameworks
The candidate shall have the experience on developing secure view of architecture and secure design documents for different applications
ability to lead the exercise of collecting the required data to produce the deliverables
Ability to articulate the requirements in technical and non technical language
Ability to defend secure design and support it with real life scenarios
Ability to articulate the risk and findings in business language
Explain vulnerabilities and threats
Threat modelling
Recent attacks
Application Security Focus Areas
Secure Code Development
Secure SDLC
Secure Agile development
Testing Security requirements
Writing security stories
Web Application Security
Owasp 10
SAST and DAST Scan
API Security
CI/CD pipeline
Integrate security tools
Security testing
#J-18808-Ljbffr